Tahg only did that because the user was obviously using a hacked character. I disagree with using server knowledge etc to "test" certain things in a public area, especially if its something as major as a bahro which are only ever present when official story is going on. A lot of us are here for the story. It's what ties everything together and fans having the ability to run wild with it is cause for alarm.

That being said, it's great that we have some talented fans who can keep things going and potentially make bug fixes etc, the point is fans shouldn't be in control of official characters. That's in the tos that you cant even use the name of any in-game Cyan characters. At this point that would include the bahro so the hacker was asking for what they got. I feel tahg did the right thing in this case. That's my two cents.

Tahg only did that because the user was obviously using a hacked character. I disagree with using server knowledge etc to "test" certain things in a public area, especially if its something as major as a bahro which are only ever present when official story is going on. A lot of us are here for the story. It's what ties everything together and fans having the ability to run wild with it is cause for alarm.

That being said, it's great that we have some talented fans who can keep things going and potentially make bug fixes etc, the point is fans shouldn't be in control of official characters. That's in the tos that you cant even use the name of any in-game Cyan characters. At this point that would include the bahro so the hacker was asking for what they got. I feel tahg did the right thing in this case. That's my two cents.

They are still Cyan's characters that appear for more than a minute when story is going on.

While I appreciate the knowledge and the talent these people have, I don't think a Bahro in a public area was such a good idea. In fact, it exposed some previously unknown things. Holy moly, Uru has no security once you get the encryption keys? A $12 million game written by a professional team of programmers? Now that was unexpected.

Maybe a private Age would be better next time. Or at least talk so we know it's a fake and not the real thing.

If I understand correctly, the problem is that any program that can access the vault has automatic free reign.

The reason you cannot fix this in the client is that you can't guarantee people will use only the approved client.

The only reasonable solution is for the vault to be reworked so that it enforces security, rather than relying upon players' goodwill to only connect to the vault using the Myst Online client. And, I expect this is not something that is going to be fixed quickly. We are going to have to live with the current model for a while longer (could be many months).

Regardless, the sky is not falling. From a purely technical perspective, Myst Online is not any less secure today than it was a week, or a month ago; it is exactly just as secure, but it is now less obscure. Now more people understand the limitations. This moment of understanding was an inevitability, though it might have been nice if it had waited until we could actually do something about it.